Knowledge-Based Authentication (KBA) is often used to verify a person's identity by having that person answer certain questions that involve facts about his or her life. In one example, KBA may help prove the alleged identity of a person trying to gain access to an online account. For example, in the event that an email user has forgotten his or her password, the user's email provider may attempt to verify the user's alleged identity via KBA before granting him or her access to the email account. In this example, KBA may enable the user to prove his or her alleged identity and then recover his or her email account despite forgetting the password.
Unfortunately, conventional approaches to KBA may have certain flaws and/or vulnerabilities that enable a person to spoof the identity of another to gain illegitimate access to his or her accounts. In one example, a conventional approach to KBA may involve asking a person trying to gain access to an online account to provide the maiden name of the account owner's mother. This conventional approach, however, may fall short of proving the person's alleged identity because others (e.g., family members, friends, and/or identity thieves) may know, guess, and/or discover the maiden name of the account owner's mother, thereby enabling that person to steal and/or spoof the account owner's identity and/or gain illegitimate access to his or her online account.
Accordingly, to be effective in verifying a person's alleged identity, KBA may need to rely on questions that have high entropy. In this context, the term “entropy” may refer to the level of difficulty, unlikelihood, and/or improbability involved in guessing and/or discovering the answer to a question about another person. For example, a high-entropy question may be difficult or even impossible for someone to answer correctly about another person's life or experiences. Similarly, a question with high social entropy may be difficult or even impossible for someone to answer correctly about another person's life or experiences despite all the information available on social media about that other person.
The instant disclosure, therefore, identifies and addresses a need for additional and improved methods, systems, and apparatuses for selecting questions for KBA based on social entropy.